Taking control of the Browser Security Model

This past weekend at the Devsigner Conference held in Portland, Oregon, Dylan Tack gave an excellent presentation entitled “Taking control of the Browser Security Model”: Since the birth of the web, the browser security model has remained nearly static. Recent evolutions make it possible for site operators to fine-tune the security model, and enforce mandatory access…

Now Open For Business

A few months ago I re-opened my professional consultancy and here’s what I have to offer companies and executives:

- Provide an honest assessment of your information technology operation
- Offer executives a “plain English” explanation of technology
- Personalized executive technology coaching and training
- Help you answer the question “IT tells me everything is perfect but is…

Boy Baukema: 4 HTTP Security Headers You Should Always be Using

While growing a solution works very well for discovering what works and what doesn’t, it hardly leads to a consistent and easy to apply programming model. This is especially true for security: where ideally the simplest thing that works is also the most secure, it is far too easy to introduce vulnerabilities like XSS, CSRF or Clickjacking. Because HTTP is…